524eb39e76a5a7b10ac5fa50c01ca60126c93ff1f9bdd5741b1c62dd3eb2fffe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20190613Nodeggh.apk
Size

5.7MB
Sample

240526-qhh56aff71
MD5

e75271982fb220570a5ba9ad139d0565
SHA1

b7e2ae2661806f077841fe43834397aca3b674fd
SHA256

524eb39e76a5a7b10ac5fa50c01ca60126c93ff1f9bdd5741b1c62dd3eb2fffe
SHA512

1d90b326cce7f404bb57229d499152c74208a158c0fa59a7ebd942d820547f4061d408d4e1314ba75e8ed7548f00c9d9d40bfa2cf04681c4ff35057cc970a233
SSDEEP

98304:dsPJiJ8ydRkW4jm7Jbcf73bUPZYIiS79ysV+z7HVoMZ5w84l4P/JZPtbC2X/o2oY:dUXydI4Jbcf73bURFiS79B+n1bZ5TaKF

Score

7^/10

android collection credential_access discovery evasion impact persistence

Malware Config

Targets

- Target
  
  20190613Nodeggh.apk
- Size
  
  5.7MB
- MD5
  
  e75271982fb220570a5ba9ad139d0565
- SHA1
  
  b7e2ae2661806f077841fe43834397aca3b674fd
- SHA256
  
  524eb39e76a5a7b10ac5fa50c01ca60126c93ff1f9bdd5741b1c62dd3eb2fffe
- SHA512
  
  1d90b326cce7f404bb57229d499152c74208a158c0fa59a7ebd942d820547f4061d408d4e1314ba75e8ed7548f00c9d9d40bfa2cf04681c4ff35057cc970a233
- SSDEEP
  
  98304:dsPJiJ8ydRkW4jm7Jbcf73bUPZYIiS79ysV+z7HVoMZ5w84l4P/JZPtbC2X/o2oY:dUXydI4Jbcf73bURFiS79B+n1bZ5TaKF
Score

7^/10

discovery evasion persistence collection credential_access impact
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks the presence of a debugger
  evasion
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

collectioncredential_accessdiscoveryevasionimpact